A common mistake made by many small business website owners is to have an order form or booking form that accepts credit card details, securing it by having an SSL certificate, but then having the form email the results to the website operator.

Unless you are using encrypted email, you have defeated the purpose of using a secure web page, because the email that contains the credit card details is far less secure than even an unencrypted web page. Security is only as secure as the weakest link!

If you need to process the credit cards yourself, the most cost-effective solution is to store an encrypted version of the credit card details in a database, and have an interface for the website operator to login and view those details, again with an SSL certificate securing that page. A procedure to delete credit card details once processed is important with this solution.